<html>
<head><meta charset="utf-8"><title>scudo / gwpasan · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/scudo.20.2F.20gwpasan.html">scudo / gwpasan</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="182118745"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/scudo%20/%20gwpasan/near/182118745" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alex Gaynor <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/scudo.20.2F.20gwpasan.html#182118745">(Nov 28 2019 at 15:48)</a>:</h4>
<p>If anyone's interested in a project, getting rust to support the scudo allocator (which llvm packages as a sanitizer) would be a useful task <a href="https://llvm.org/docs/ScudoHardenedAllocator.html" target="_blank" title="https://llvm.org/docs/ScudoHardenedAllocator.html">https://llvm.org/docs/ScudoHardenedAllocator.html</a></p>
<p>My primary interest in scudo is that it bundles gwp-asan by default (gwp-asan is basically a sampling version of asan, which is low enough overhead to ship in production); it's described at <a href="https://llvm.org/docs/GwpAsan.html" target="_blank" title="https://llvm.org/docs/GwpAsan.html">https://llvm.org/docs/GwpAsan.html</a> and here <a href="https://www.youtube.com/watch?v=RQGWMLkwrKc" target="_blank" title="https://www.youtube.com/watch?v=RQGWMLkwrKc">https://www.youtube.com/watch?v=RQGWMLkwrKc</a>. Making gwp-asan trivial for rust would be great from the perspective of increasing the safety of unsafe code.</p>



<a name="182142990"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/scudo%20/%20gwpasan/near/182142990" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/scudo.20.2F.20gwpasan.html#182142990">(Nov 29 2019 at 00:26)</a>:</h4>
<p>Wait, gwp-asan is open-source? Yay!</p>



<a name="182142996"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/scudo%20/%20gwpasan/near/182142996" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/scudo.20.2F.20gwpasan.html#182142996">(Nov 29 2019 at 00:27)</a>:</h4>
<p>Dear Seht... is that a retconned recursive acronym?</p>



<a name="182143267"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/scudo%20/%20gwpasan/near/182143267" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/scudo.20.2F.20gwpasan.html#182143267">(Nov 29 2019 at 00:36)</a>:</h4>
<p>Sadly I don't see it as low-hanging fruit that would increase safety universally. GWP-ASAN is a very particular thing that only helps if you have a very large number of deployments and also a system to collect crash reports from the deployments, which very few entities have, and those are mostly large companies.</p>



<a name="182186564"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/scudo%20/%20gwpasan/near/182186564" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Alex Gaynor <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/scudo.20.2F.20gwpasan.html#182186564">(Nov 29 2019 at 15:39)</a>:</h4>
<p>It's true that gwp-asan requires some good infra to get the most out of it, but I think there's already plenty of rust packages that are widely used in contexts where people would file bugs (e.g. <code>rg</code>).</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>